Commit Graph

673 Commits

Author SHA256 Message Date
Dominique Leuenberger
6031a905f5 Accepting request 969350 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/969350
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=277
2022-04-14 15:23:29 +00:00
Wolfgang Rosenauer
f67dab94c7 Accepting request 969338 from home:marxin:branches:mozilla:Factory
- Set memory limits for DWZ to 4x.

OBS-URL: https://build.opensuse.org/request/show/969338
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=630
2022-04-12 08:22:14 +00:00
Dominique Leuenberger
830dc226c0 Accepting request 964779 from mozilla:Factory
- skip slow workers, this is a tough build job

OBS-URL: https://build.opensuse.org/request/show/964779
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=276
2022-03-28 14:59:57 +00:00
Wolfgang Rosenauer
dddae6adff Accepting request 962487 from home:dirkmueller:Factory
- skip slow workers, this is a tough build job

OBS-URL: https://build.opensuse.org/request/show/962487
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=628
2022-03-18 19:19:54 +00:00
Dominique Leuenberger
c47788c2ac Accepting request 960657 from mozilla:Factory
- Mozilla Thunderbird 91.7.0
  * Thunderbird will use the first occurrence of headers that should
    only appear once
  * Auto-complete incorrectly changed a pasted email address to the
    primary address of a contact
  * Attachments with filename extensions that were not registered in
    MIME types could not be opened
  * Copy/Cut/Paste actions not working in Thunderbird Preferences
  * Improved screen reader support of displayed message headers
  MFSA 2022-12 (bsc#1196900)
  * CVE-2022-26383 (bmo#1742421)
    Browser window spoof using fullscreen mode
  * CVE-2022-26384 (bmo#1744352)
    iframe allow-scripts sandbox bypass
  * CVE-2022-26387 (bmo#1752979)
    Time-of-check time-of-use bug when verifying add-on signatures
  * CVE-2022-26381 (bmo#1736243)
    Use-after-free in text reflows
  * CVE-2022-26386 (bmo#1752396)
    Temporary files downloaded to /tmp and accessible by other
    local users

- Mozilla Thunderbird 91.6.2
  MFSA 2022-09
  * CVE-2022-26485 (bmo#1758062)
    Use-after-free in XSLT parameter processing
  * CVE-2022-26486 (bmo#1758070)
    Use-after-free in WebGPU IPC Framework

OBS-URL: https://build.opensuse.org/request/show/960657
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=275
2022-03-13 19:24:29 +00:00
Wolfgang Rosenauer
bcdb022bb0 - Mozilla Thunderbird 91.7.0
* Thunderbird will use the first occurrence of headers that should
    only appear once
  * Auto-complete incorrectly changed a pasted email address to the
    primary address of a contact
  * Attachments with filename extensions that were not registered in
    MIME types could not be opened
  * Copy/Cut/Paste actions not working in Thunderbird Preferences
  * Improved screen reader support of displayed message headers
  MFSA 2022-12 (bsc#1196900)
  * CVE-2022-26383 (bmo#1742421)
    Browser window spoof using fullscreen mode
  * CVE-2022-26384 (bmo#1744352)
    iframe allow-scripts sandbox bypass
  * CVE-2022-26387 (bmo#1752979)
    Time-of-check time-of-use bug when verifying add-on signatures
  * CVE-2022-26381 (bmo#1736243)
    Use-after-free in text reflows
  * CVE-2022-26386 (bmo#1752396)
    Temporary files downloaded to /tmp and accessible by other
    local users

- Mozilla Thunderbird 91.6.2
  MFSA 2022-09
  * CVE-2022-26485 (bmo#1758062)
    Use-after-free in XSLT parameter processing
  * CVE-2022-26486 (bmo#1758070)
    Use-after-free in WebGPU IPC Framework

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=626
2022-03-09 10:34:57 +00:00
Dominique Leuenberger
5c26ec22f2 Accepting request 955596 from mozilla:Factory
just added the bsc bug security bug reference

- Mozilla Thunderbird 91.6.1
  * generated views of meeting invitations are now expanded by default
  * Emails were not downloading at startup under some conditions
  * Port numbers were not shown in "Confirm Security Exception"
    dialog for CalDAV connections
  MFSA 2022-07 (bsc#1196072)
  * CVE-2022-0566 (bmo#1753094)
    Crafted email could trigger an out-of-bounds write

OBS-URL: https://build.opensuse.org/request/show/955596
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=274
2022-02-18 22:02:38 +00:00
Wolfgang Rosenauer
260a0409e1 MFSA 2022-07 (bsc#1196072)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=625
2022-02-17 09:38:37 +00:00
Wolfgang Rosenauer
82981dade8 - Mozilla Thunderbird 91.6.1
* generated views of meeting invitations are now expanded by default
  * Emails were not downloading at startup under some conditions
  * Port numbers were not shown in "Confirm Security Exception"
    dialog for CalDAV connections
  MFSA 2022-07
  * CVE-2022-0566 (bmo#1753094)
    Crafted email could trigger an out-of-bounds write

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=624
2022-02-16 07:53:13 +00:00
Dominique Leuenberger
cdf682b923 Accepting request 953831 from mozilla:Factory
- Mozilla Thunderbird 91.6.0
  * TB will now offer to send large forwarded attachments via FileLink
  * Partially signed unencrypted messages displayed an incorrect
    "parrtially encrypted" notification
  * Attachments filenames were not sanitized before saving to disk
  * In the attachment bar, the "Import OpenPGP Key" item displayed
    for public keys displayed an error and did not import the key
  * "Open with" attachment dialog did not have a selected radio
    button option
  MFSA 2022-06 (bsc#1195682)
  * CVE-2022-22753 (bmo#1732435)
    Privilege Escalation to SYSTEM on Windows via Maintenance
    Service
  * CVE-2022-22754 (bmo#1750565)
    Extensions could have bypassed permission confirmation during
    update
  * CVE-2022-22756 (bmo#1317873)
    Drag and dropping an image could have resulted in the dropped
    object being an executable
  * CVE-2022-22759 (bmo#1739957)
    Sandboxed iframes could have executed script if the parent
    appended elements
  * CVE-2022-22760 (bmo#1740985, bmo#1748503)
    Cross-Origin responses could be distinguished between script
    and non-script content-types
  * CVE-2022-22761 (bmo#1745566)
    frame-ancestors Content Security Policy directive was not
    enforced for framed extension pages
  * CVE-2022-22763 (bmo#1740534)
    Script Execution during invalid object state

OBS-URL: https://build.opensuse.org/request/show/953831
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=273
2022-02-13 18:50:37 +00:00
Wolfgang Rosenauer
5e8c474a19 - Mozilla Thunderbird 91.6.0
* TB will now offer to send large forwarded attachments via FileLink
  * Partially signed unencrypted messages displayed an incorrect
    "parrtially encrypted" notification
  * Attachments filenames were not sanitized before saving to disk
  * In the attachment bar, the "Import OpenPGP Key" item displayed
    for public keys displayed an error and did not import the key
  * "Open with" attachment dialog did not have a selected radio
    button option
  MFSA 2022-06 (bsc#1195682)
  * CVE-2022-22753 (bmo#1732435)
    Privilege Escalation to SYSTEM on Windows via Maintenance
    Service
  * CVE-2022-22754 (bmo#1750565)
    Extensions could have bypassed permission confirmation during
    update
  * CVE-2022-22756 (bmo#1317873)
    Drag and dropping an image could have resulted in the dropped
    object being an executable
  * CVE-2022-22759 (bmo#1739957)
    Sandboxed iframes could have executed script if the parent
    appended elements
  * CVE-2022-22760 (bmo#1740985, bmo#1748503)
    Cross-Origin responses could be distinguished between script
    and non-script content-types
  * CVE-2022-22761 (bmo#1745566)
    frame-ancestors Content Security Policy directive was not
    enforced for framed extension pages
  * CVE-2022-22763 (bmo#1740534)
    Script Execution during invalid object state

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=623
2022-02-11 22:30:53 +00:00
Dominique Leuenberger
581199f38e Accepting request 949349 from mozilla:Factory
- Mozilla Thunderbird 91.5.1
  * JS LDAP implementation did not support self-signed SSL certificates
  * After saving a draft and subsequently sending a FileLink email,
    the original file was removed from disk
  * Chat OTR encryption did not work
  * OTR verification bar was not removed after completing verification
  * Various theme improvements

- Enable -fimplicit-constexpr for GCC 12+.

OBS-URL: https://build.opensuse.org/request/show/949349
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=272
2022-01-29 20:01:01 +00:00
Wolfgang Rosenauer
c34bf76e06 - Mozilla Thunderbird 91.5.1
* JS LDAP implementation did not support self-signed SSL certificates
  * After saving a draft and subsequently sending a FileLink email,
    the original file was removed from disk
  * Chat OTR encryption did not work
  * OTR verification bar was not removed after completing verification
  * Various theme improvements

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=622
2022-01-26 22:00:35 +00:00
Wolfgang Rosenauer
2b26512461 Accepting request 947696 from home:marxin:branches:mozilla:Factory
- Enable -fimplicit-constexpr for GCC 12+.

OBS-URL: https://build.opensuse.org/request/show/947696
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=621
2022-01-21 22:40:32 +00:00
Dominique Leuenberger
84d0abbef4 Accepting request 945701 from mozilla:Factory
- Mozilla Thunderbird 91.5.0
  https://www.thunderbird.net/en-US/thunderbird/91.5.0/releasenotes
  MFSA 2022-03 (bsc#1194547)
  * CVE-2022-22746 (bmo#1735071)
    Calling into reportValidity could have lead to fullscreen
    window spoof
  * CVE-2022-22743 (bmo#1739220)
    Browser window spoof using fullscreen mode
  * CVE-2022-22742 (bmo#1739923)
    Out-of-bounds memory access when inserting text in edit mode
  * CVE-2022-22741 (bmo#1740389)
    Browser window spoof using fullscreen mode
  * CVE-2022-22740 (bmo#1742334)
    Use-after-free of ChannelEventQueue::mOwner
  * CVE-2022-22738 (bmo#1742382)
    Heap-buffer-overflow in blendGaussianBlur
  * CVE-2022-22737 (bmo#1745874)
    Race condition when playing audio files
  * CVE-2021-4140 (bmo#1746720)
    Iframe sandbox bypass with XSLT
  * CVE-2022-22748 (bmo#1705211)
    Spoofed origin on external protocol launch dialog
  * CVE-2022-22745 (bmo#1735856)
    Leaking cross-origin URLs through securitypolicyviolation event
  * CVE-2022-22744 (bmo#1737252)
    The 'Copy as curl' feature in DevTools did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2022-22747 (bmo#1735028)
    Crash when handling empty pkcs7 sequence
  * CVE-2022-22739 (bmo#1744158)

OBS-URL: https://build.opensuse.org/request/show/945701
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=271
2022-01-12 23:22:14 +00:00
Wolfgang Rosenauer
ed5ea29202 - Mozilla Thunderbird 91.5.0
https://www.thunderbird.net/en-US/thunderbird/91.5.0/releasenotes
  MFSA 2022-03 (bsc#1194547)
  * CVE-2022-22746 (bmo#1735071)
    Calling into reportValidity could have lead to fullscreen
    window spoof
  * CVE-2022-22743 (bmo#1739220)
    Browser window spoof using fullscreen mode
  * CVE-2022-22742 (bmo#1739923)
    Out-of-bounds memory access when inserting text in edit mode
  * CVE-2022-22741 (bmo#1740389)
    Browser window spoof using fullscreen mode
  * CVE-2022-22740 (bmo#1742334)
    Use-after-free of ChannelEventQueue::mOwner
  * CVE-2022-22738 (bmo#1742382)
    Heap-buffer-overflow in blendGaussianBlur
  * CVE-2022-22737 (bmo#1745874)
    Race condition when playing audio files
  * CVE-2021-4140 (bmo#1746720)
    Iframe sandbox bypass with XSLT
  * CVE-2022-22748 (bmo#1705211)
    Spoofed origin on external protocol launch dialog
  * CVE-2022-22745 (bmo#1735856)
    Leaking cross-origin URLs through securitypolicyviolation event
  * CVE-2022-22744 (bmo#1737252)
    The 'Copy as curl' feature in DevTools did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2022-22747 (bmo#1735028)
    Crash when handling empty pkcs7 sequence
  * CVE-2022-22739 (bmo#1744158)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=620
2022-01-11 22:11:21 +00:00
Dominique Leuenberger
4188f5049a Accepting request 943034 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/943034
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=270
2021-12-30 14:55:28 +00:00
Wolfgang Rosenauer
794263a781 Accepting request 943031 from home:iznogood:branches:mozilla:Factory
- Add mozilla-bmo1745560.patch: Fix build against wayland 1.20.

OBS-URL: https://build.opensuse.org/request/show/943031
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=619
2021-12-29 09:35:12 +00:00
Dominique Leuenberger
dea0b95075 Accepting request 941707 from mozilla:Factory
- Mozilla Thunderbird 91.4.1
  * several fixes as outlined here
    https://www.thunderbird.net/en-US/thunderbird/91.4.1/releasenotes/
  MFSA 2021-55 (bsc#1193845)
  * CVE-2021-4126 (bmo#1732310)
    OpenPGP signature status doesn't consider additional message
    content
  * CVE-2021-44538 (bmo#1744056)
    Matrix chat library libolm bundled with Thunderbird
    vulnerable to a buffer overflow
- updated _constraints

OBS-URL: https://build.opensuse.org/request/show/941707
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=269
2021-12-22 19:17:42 +00:00
Wolfgang Rosenauer
0dadd2459b - Mozilla Thunderbird 91.4.1
* several fixes as outlined here
    https://www.thunderbird.net/en-US/thunderbird/91.4.1/releasenotes/
  MFSA 2021-55 (bsc#1193845)
  * CVE-2021-4126 (bmo#1732310)
    OpenPGP signature status doesn't consider additional message
    content
  * CVE-2021-44538 (bmo#1744056)
    Matrix chat library libolm bundled with Thunderbird
    vulnerable to a buffer overflow
- updated _constraints

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=618
2021-12-20 21:55:16 +00:00
Dominique Leuenberger
0c16f1e785 Accepting request 936365 from mozilla:Factory
- Mozilla Thunderbird 91.4.0
  * several fixes as outlined here
    https://www.thunderbird.net/en-US/thunderbird/91.4.0/releasenotes
  MFSA 2021-54 (bsc#1193485)
  * CVE-2021-43536 (bmo#1730120)
    URL leakage when navigating while executing asynchronous
    function
  * CVE-2021-43537 (bmo#1738237)
    Heap buffer overflow when using structured clone
  * CVE-2021-43538 (bmo#1739091)
    Missing fullscreen and pointer lock notification when
    requesting both
  * CVE-2021-43539 (bmo#1739683)
    GC rooting failure when calling wasm instance methods
  * CVE-2021-43541 (bmo#1696685)
    External protocol handler parameters were unescaped
  * CVE-2021-43542 (bmo#1723281)
    XMLHttpRequest error codes could have leaked the existence of
    an external protocol handler
  * CVE-2021-43543 (bmo#1738418)
    Bypass of CSP sandbox directive when embedding
  * CVE-2021-43545 (bmo#1720926)
    Denial of Service when using the Location API in a loop
  * CVE-2021-43546 (bmo#1737751)
    Cursor spoofing could overlay user interface when native
    cursor is zoomed
  * CVE-2021-43528 (bmo#1742579)
    JavaScript unexpectedly enabled for the composition area
  * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751,
    bmo#1737009, bmo#1739372, bmo#1739421)

OBS-URL: https://build.opensuse.org/request/show/936365
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=268
2021-12-11 23:56:10 +00:00
Wolfgang Rosenauer
a14190f4f1 - Mozilla Thunderbird 91.4.0
* several fixes as outlined here
    https://www.thunderbird.net/en-US/thunderbird/91.4.0/releasenotes
  MFSA 2021-54 (bsc#1193485)
  * CVE-2021-43536 (bmo#1730120)
    URL leakage when navigating while executing asynchronous
    function
  * CVE-2021-43537 (bmo#1738237)
    Heap buffer overflow when using structured clone
  * CVE-2021-43538 (bmo#1739091)
    Missing fullscreen and pointer lock notification when
    requesting both
  * CVE-2021-43539 (bmo#1739683)
    GC rooting failure when calling wasm instance methods
  * CVE-2021-43541 (bmo#1696685)
    External protocol handler parameters were unescaped
  * CVE-2021-43542 (bmo#1723281)
    XMLHttpRequest error codes could have leaked the existence of
    an external protocol handler
  * CVE-2021-43543 (bmo#1738418)
    Bypass of CSP sandbox directive when embedding
  * CVE-2021-43545 (bmo#1720926)
    Denial of Service when using the Location API in a loop
  * CVE-2021-43546 (bmo#1737751)
    Cursor spoofing could overlay user interface when native
    cursor is zoomed
  * CVE-2021-43528 (bmo#1742579)
    JavaScript unexpectedly enabled for the composition area
  * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751,
    bmo#1737009, bmo#1739372, bmo#1739421)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=617
2021-12-07 21:16:26 +00:00
Wolfgang Rosenauer
2586d6fed9 Accepting request 935066 from home:AndreasStieger:branches:mozilla:Factory
* OpenPGP: Botan updated to 2.18.2; addresses CVE-2021-40529
    boo#1189244

OBS-URL: https://build.opensuse.org/request/show/935066
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=616
2021-12-02 08:34:58 +00:00
Wolfgang Rosenauer
38d59e02c4 Accepting request 934032 from home:iznogood:branches:mozilla:Factory
- Drop unused libidl-devel BuildRequires.

OBS-URL: https://build.opensuse.org/request/show/934032
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=615
2021-11-30 07:53:39 +00:00
Dominique Leuenberger
3f64f2e29a Accepting request 932690 from mozilla:Factory
- Mozilla Thunderbird 91.3.2
  * Date selection in Calendar print settings widget changed to use
    mini calendar widget
  * Bugfixes as outlined in release notes
    https://www.thunderbird.net/en-US/thunderbird/91.3.2/releasenotes/

- Mozilla Thunderbird 91.3.1
  * OpenPGP public keys will no longer count as an attachment in
    the message list
  * Adding a search engine via URL now supported
  * FileLink messages' template updated; Thunderbird advertisement
    removed
  * After an update, Thunderbird will now check installed addons
    for updates
  * Bugfixes as outlined in release notes
    https://www.thunderbird.net/en-US/thunderbird/91.3.1/releasenotes/

OBS-URL: https://build.opensuse.org/request/show/932690
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=267
2021-11-23 21:09:58 +00:00
Wolfgang Rosenauer
e5380b41d0 - Mozilla Thunderbird 91.3.2
* Date selection in Calendar print settings widget changed to use
    mini calendar widget
  * Bugfixes as outlined in release notes
    https://www.thunderbird.net/en-US/thunderbird/91.3.2/releasenotes/

- Mozilla Thunderbird 91.3.1
  * OpenPGP public keys will no longer count as an attachment in
    the message list
  * Adding a search engine via URL now supported
  * FileLink messages' template updated; Thunderbird advertisement
    removed
  * After an update, Thunderbird will now check installed addons
    for updates
  * Bugfixes as outlined in release notes
    https://www.thunderbird.net/en-US/thunderbird/91.3.1/releasenotes/

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=614
2021-11-20 22:24:01 +00:00
Dominique Leuenberger
0925e9ee97 Accepting request 929062 from mozilla:Factory
- Mozilla Thunderbird 91.3.0
  * several fixes as outlined here
    https://www.thunderbird.net/en-US/thunderbird/91.3.0/releasenotes/
  MFSA 2021-50  (bsc#1192250)
  * CVE-2021-38503 (bmo#1729517)
    iframe sandbox rules did not apply to XSLT stylesheets
  * CVE-2021-38504 (bmo#1730156)
    Use-after-free in file picker dialog
  * CVE-2021-38505 (bmo#1730194)
    Windows 10 Cloud Clipboard may have recorded sensitive user data
  * CVE-2021-38506 (bmo#1730750)
    Thunderbird could be coaxed into going into fullscreen mode
    without notification or warning
  * CVE-2021-38507 (bmo#1730935)
    Opportunistic Encryption in HTTP2 could be used to bypass the
    Same-Origin-Policy on services hosted on other ports
  * MOZ-2021-0008 (bmo#1667102)
    Use-after-free in HTTP2 Session object
  * CVE-2021-38508 (bmo#1366818)
    Permission Prompt could be overlaid, resulting in user
    confusion and potential spoofing
  * CVE-2021-38509 (bmo#1718571)
    Javascript alert box could have been spoofed onto an
    arbitrary domain
  * CVE-2021-38510 (bmo#1731779)
    Download Protections were bypassed by .inetloc files on Mac OS
  * MOZ-2021-0007 (bmo#1606864, bmo#1712671, bmo#1730048,
    bmo#1735152)
    Memory safety bugs fixed in Thunderbird ESR 91.3
- Drop unused pkgconfig(gdk-x11-2.0) BuildRequires

OBS-URL: https://build.opensuse.org/request/show/929062
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=266
2021-11-06 17:13:26 +00:00
Wolfgang Rosenauer
9908ef8381 * several fixes as outlined here
https://www.thunderbird.net/en-US/thunderbird/91.3.0/releasenotes/
  MFSA 2021-50  (bsc#1192250)
  * CVE-2021-38503 (bmo#1729517)
    iframe sandbox rules did not apply to XSLT stylesheets
  * CVE-2021-38504 (bmo#1730156)
    Use-after-free in file picker dialog
  * CVE-2021-38505 (bmo#1730194)
    Windows 10 Cloud Clipboard may have recorded sensitive user data
  * CVE-2021-38506 (bmo#1730750)
    Thunderbird could be coaxed into going into fullscreen mode
    without notification or warning
  * CVE-2021-38507 (bmo#1730935)
    Opportunistic Encryption in HTTP2 could be used to bypass the
    Same-Origin-Policy on services hosted on other ports
  * MOZ-2021-0008 (bmo#1667102)
    Use-after-free in HTTP2 Session object
  * CVE-2021-38508 (bmo#1366818)
    Permission Prompt could be overlaid, resulting in user
    confusion and potential spoofing
  * CVE-2021-38509 (bmo#1718571)
    Javascript alert box could have been spoofed onto an
    arbitrary domain
  * CVE-2021-38510 (bmo#1731779)
    Download Protections were bypassed by .inetloc files on Mac OS
  * MOZ-2021-0007 (bmo#1606864, bmo#1712671, bmo#1730048,
    bmo#1735152)
    Memory safety bugs fixed in Thunderbird ESR 91.3

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=613
2021-11-03 16:44:34 +00:00
Wolfgang Rosenauer
7db3c542e4 - Mozilla Thunderbird 91.3.0
- Drop unused pkgconfig(gdk-x11-2.0) BuildRequires

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=612
2021-11-02 20:49:23 +00:00
Dominique Leuenberger
62fc14d3bc Accepting request 927299 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/927299
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=265
2021-10-26 18:13:32 +00:00
Wolfgang Rosenauer
54d0229e37 Accepting request 927260 from home:Guillaume_G:branches:mozilla:Factory
- Increase memory required per threads for aarch64 to avoid OOM

OBS-URL: https://build.opensuse.org/request/show/927260
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=611
2021-10-25 12:09:26 +00:00
Wolfgang Rosenauer
d9c01b1222 - Mozilla Thunderbird 91.2.1
* Preference added to disable automatic pausing RSS feed updates
    after a fetch failure
  * several bugfixes as outlined in release notes
    https://www.thunderbird.net/en-US/thunderbird/91.2.1/releasenotes/

- add mozilla-bmo1724679.patch (bmo#1724679, boo#1182863)
  fix some env variables which are enabled for any value

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=610
2021-10-23 12:56:24 +00:00
Wolfgang Rosenauer
e41c1dbb9c Accepting request 926797 from home:marxin:branches:mozilla:Factory
- Enable LTO on Tumbleweed.

OBS-URL: https://build.opensuse.org/request/show/926797
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=609
2021-10-22 21:24:06 +00:00
Dominique Leuenberger
28379a3e36 Accepting request 924567 from mozilla:Factory
- Mozilla Thunderbird 91.2.0
  * Saving a single message as .eml now uses a unique filename
  * New mail notifications did not properly take subfolders into account
  * Decrypting binary attachments when using an external GnuPG
    configuration failed
  * Account name fields in the account manager were not big enough
    for long names
  * LDAP searches using an extensibleMatch filter returned no results
  * Read-only CalDAV calendars and CardDAV address books were not detected
  * Multipart messages containing a calendar invite did not display
    any of the human-readable alternatives
  * Some calendar days were displayed incorrectly or duplicated
    (eg. two "29th" days of a particular month)
  * Phantom event was shown at the end of each day in Calendar week view
  MFSA 2021-46 (bsc#1191332)
  * CVE-2021-38496 (bmo#1725335)
    Use-after-free in MessageTask
  * CVE-2021-38497 (bmo#1726621)
    Validation message could have been overlaid on another origin
  * CVE-2021-38498 (bmo#1729642)
    Use-after-free of nsLanguageAtomService object
  * CVE-2021-32810 (bmo#1729813,
    https://github.com/crossbeam-
    rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
    Data race in crossbeam-deque
  * CVE-2021-38500 (bmo#1725854, bmo#1728321)
    Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
    and Firefox ESR 91.2
  * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
    Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2

OBS-URL: https://build.opensuse.org/request/show/924567
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=264
2021-10-12 19:48:29 +00:00
Wolfgang Rosenauer
7ec63b2a47 - Mozilla Thunderbird 91.2.0
* Saving a single message as .eml now uses a unique filename
  * New mail notifications did not properly take subfolders into account
  * Decrypting binary attachments when using an external GnuPG
    configuration failed
  * Account name fields in the account manager were not big enough
    for long names
  * LDAP searches using an extensibleMatch filter returned no results
  * Read-only CalDAV calendars and CardDAV address books were not detected
  * Multipart messages containing a calendar invite did not display
    any of the human-readable alternatives
  * Some calendar days were displayed incorrectly or duplicated
    (eg. two "29th" days of a particular month)
  * Phantom event was shown at the end of each day in Calendar week view
  MFSA 2021-46 (bsc#1191332)
  * CVE-2021-38496 (bmo#1725335)
    Use-after-free in MessageTask
  * CVE-2021-38497 (bmo#1726621)
    Validation message could have been overlaid on another origin
  * CVE-2021-38498 (bmo#1729642)
    Use-after-free of nsLanguageAtomService object
  * CVE-2021-32810 (bmo#1729813,
    https://github.com/crossbeam-
    rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
    Data race in crossbeam-deque
  * CVE-2021-38500 (bmo#1725854, bmo#1728321)
    Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
    and Firefox ESR 91.2
  * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
    Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=608
2021-10-10 19:56:50 +00:00
Dominique Leuenberger
e2c06f5c17 Accepting request 922125 from mozilla:Factory
- Mozilla Thunderbird 91.1.2
  * Thunderbird will now warn if an S/MIME encrypted message includes
    BCC recipients
  * several bugfixes listed on
    https://www.thunderbird.net/en-US/thunderbird/91.1.2/releasenotes/

OBS-URL: https://build.opensuse.org/request/show/922125
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=263
2021-10-05 20:33:29 +00:00
Wolfgang Rosenauer
6c2a252b2e - Mozilla Thunderbird 91.1.2
* Thunderbird will now warn if an S/MIME encrypted message includes
    BCC recipients
  * several bugfixes listed on
    https://www.thunderbird.net/en-US/thunderbird/91.1.2/releasenotes/

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=607
2021-09-29 08:09:48 +00:00
Dominique Leuenberger
f372e77cf6 Accepting request 921250 from mozilla:Factory
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/921250
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=262
2021-09-26 19:48:27 +00:00
Wolfgang Rosenauer
109cc974e1 - Mozilla Thunderbird 91.1.1
* Menu item for disabling subject encryption for a single message added
  * Printing messages that are not currently displayed is no longer
    supported, including printing multiple messages at once
  * for bugfixes see
    https://www.thunderbird.net/en-US/thunderbird/91.1.1/releasenotes
- MOZ_ENABLE_WAYLAND env variable now overrides automatic detection
  if already set before startup

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=606
2021-09-17 08:26:48 +00:00
Dominique Leuenberger
f2396d51e3 Accepting request 917701 from mozilla:Factory
- Mozilla Thunderbird 91.1.0
  * Thunderbird registered Accessibility Handlers using same GUIDs
    as Firefox, causing performance issues for NVDA users
  * Focus lost when reordering accounts by keyboard in the Account Manager
  * Account setup did not use provider display name for setting up
    calendars
  * Various theme and UX fixes
  MFSA 2021-41 (bsc#1190269)
  * CVE-2021-38492 (bmo#1721107)
    Navigating to `mk:` URL scheme could load Internet Explorer
  * CVE-2021-38495 (bmo#1723391, bmo#1723920, bmo#1724101,
    bmo#1724107)
    Memory safety bugs fixed in Thunderbird 91.1
- (re-)added mozilla-silence-no-return-type.patch
- add mozilla-bmo531915.patch to fix build for i586

OBS-URL: https://build.opensuse.org/request/show/917701
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=261
2021-09-11 20:24:23 +00:00
Wolfgang Rosenauer
c5e3285967 MFSA 2021-41 (bsc#1190269)
* CVE-2021-38492 (bmo#1721107)
    Navigating to `mk:` URL scheme could load Internet Explorer
  * CVE-2021-38495 (bmo#1723391, bmo#1723920, bmo#1724101,
    bmo#1724107)
    Memory safety bugs fixed in Thunderbird 91.1

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=605
2021-09-09 10:23:08 +00:00
Wolfgang Rosenauer
d8aa64313d - Mozilla Thunderbird 91.1.0
* Thunderbird registered Accessibility Handlers using same GUIDs
    as Firefox, causing performance issues for NVDA users
  * Focus lost when reordering accounts by keyboard in the Account Manager
  * Account setup did not use provider display name for setting up
    calendars
  * Various theme and UX fixes
  MFSA 2021-XX (bsc#1190269)
- (re-)added mozilla-silence-no-return-type.patch
- add mozilla-bmo531915.patch to fix build for i586

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=604
2021-09-07 19:34:18 +00:00
Dominique Leuenberger
2c48a8976d Accepting request 914797 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/914797
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=260
2021-09-03 19:25:42 +00:00
Wolfgang Rosenauer
588265dc9f Accepting request 914700 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 91.0.3

OBS-URL: https://build.opensuse.org/request/show/914700
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=603
2021-08-28 14:15:56 +00:00
Dominique Leuenberger
961987d81a Accepting request 913013 from mozilla:Factory
- Mozilla Thunderbird 91.0.1
  MFSA 2021-37 (bsc#1189547)
  * CVE-2021-29991 (bmo#1724896)
    Header Splitting possible with HTTP/3 Responses
- appdate screenshot URL updated (by mailaender@opensuse.org)

- Mozilla Thunderbird 91.0
  * based on Mozilla's 91 ESR codebase
  * many new and changed features
    https://www.thunderbird.net/en-US/thunderbird/91.0/releasenotes/#whatsnew
  * Renamed "Add-ons" to "Add-ons and Themes" and "Options" to "Preferences"
  * Thunderbird now operates in multi-process (e10s) mode by default
  * New user interface for adding attachments
  * Enable redirect of messages
  * CardDAV address book support
- Removed obsolete patches:
  * mozilla-bmo1463035.patch
  * mozilla-ppc-altivec_static_inline.patch
  * mozilla-pipewire-0-3.patch
  * mozilla-bmo1554971.patch
- add mozilla-libavcodec58_91.patch
- removed obsolete BigEndian ICU build workaround
- updated build requirements
- build using clang

OBS-URL: https://build.opensuse.org/request/show/913013
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=259
2021-08-24 08:54:07 +00:00
Wolfgang Rosenauer
4f499ffe4c OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=602 2021-08-19 07:30:27 +00:00
Wolfgang Rosenauer
4416d70412 MFSA 2021-37 (bsc#1189547)
* CVE-2021-29991 (bmo#1724896)
    Header Splitting possible with HTTP/3 Responses

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=601
2021-08-19 07:29:26 +00:00
Wolfgang Rosenauer
6c01889e00 - Mozilla Thunderbird 91.0.1
- appdate screenshot URL updated (by mailaender@opensuse.org)

- Mozilla Thunderbird 91.0
  * based on Mozilla's 91 ESR codebase
  * many new and changed features
    https://www.thunderbird.net/en-US/thunderbird/91.0/releasenotes/#whatsnew
  * Renamed "Add-ons" to "Add-ons and Themes" and "Options" to "Preferences"
  * Thunderbird now operates in multi-process (e10s) mode by default
  * New user interface for adding attachments
  * Enable redirect of messages
  * CardDAV address book support
- Removed obsolete patches:
  * mozilla-bmo1463035.patch
  * mozilla-ppc-altivec_static_inline.patch
  * mozilla-pipewire-0-3.patch
  * mozilla-bmo1554971.patch
- add mozilla-libavcodec58_91.patch
- removed obsolete BigEndian ICU build workaround
- updated build requirements
- build using clang

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=600
2021-08-19 07:16:16 +00:00
Wolfgang Rosenauer
3e12a2f698 Accepting request 912581 from home:Mailaender:branches:mozilla:Factory
https://software.opensuse.org/package/MozillaThunderbird has a broken image link

OBS-URL: https://build.opensuse.org/request/show/912581
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=599
2021-08-19 07:13:22 +00:00
Richard Brown
410b652abf Accepting request 911495 from mozilla:Factory
- Mozilla Thunderbird 78.13.0
  * removed WeTransfer integration package (not supported by vendor
    any longer)
  MFSA 2021-35 (bsc#1188891)
  * CVE-2021-29986 (bmo#1696138)
    Race condition when resolving DNS names could have led to
    memory corruption
  * CVE-2021-29988 (bmo#1717922)
    Memory corruption as a result of incorrect style treatment
  * CVE-2021-29984 (bmo#1720031)
    Incorrect instruction reordering during JIT optimization
  * CVE-2021-29980 (bmo#1722204)
    Uninitialized memory in a canvas object could have led to
    memory corruption
  * CVE-2021-29985 (bmo#1722083)
    Use-after-free media channels
  * CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178,
    bmo#1719998, bmo#1720568)
    Memory safety bugs fixed in Thunderbird 78.13

OBS-URL: https://build.opensuse.org/request/show/911495
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=258
2021-08-16 08:05:36 +00:00